|
1 | | Auditors obtain an understanding of an entitys internal control for the primary purpose of: |
| | A) | Gathering sufficient appropriate evidence to provide a reasonable basis for an opinion on the financial statements. |
| | B) | Determining the nature, extent and timing of subsequent audit procedures to be performed. |
| | C) | Determining whether interim audit testing is appropriate. |
| | D) | Providing documentary evidence to present to those charged with governance. |
|
|
|
2 | | An auditors primary consideration regarding an entitys internal controls is whether they |
| | A) | Prevent management override. |
| | B) | Relate to the control environment. |
| | C) | Reflect managements philosophy and operating style. |
| | D) | Affect the financial statement assertions. |
|
|
|
3 | | Which of the following statements about internal control is correct? |
| | A) | A properly maintained internal control system reasonably ensures that collusion among employees cannot occur. |
| | B) | The establishment and maintenance of internal control is an important responsibility of the internal auditor. |
| | C) | An exceptionally strong internal control system is enough for the auditor to eliminate substantive procedures on a significant account balance. |
| | D) | The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system. |
|
|
|
4 | | Internal controls are designed to achieve company objectives in all of the following areas except: |
| | A) | Safeguarding of assets. |
| | B) | Reliability of financial reporting. |
| | C) | Reduction of debt financing costs. |
| | D) | Compliance with laws and regulations. |
|
|
|
5 | | Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective? |
| | A) | Effectiveness and efficiency of operations. |
| | B) | Reliability of financial reporting. |
| | C) | Compliance with applicable laws and regulations. |
| | D) | All of the above are correct. |
|
|
|
6 | | Which of the following is not one of the five major components of internal control? |
| | A) | Risk assessment. |
| | B) | Control activities. |
| | C) | Information and communication. |
| | D) | Human resource background checks. |
|
|
|
7 | | Monitoring is a major component of the COSO Internal ControlIntegrated Framework. Which of the following is not correct in how the company can implement the monitoring component? |
| | A) | Monitoring can be an ongoing process. |
| | B) | Monitoring can be conducted as a separate evaluation. |
| | C) | Monitoring and other audit work conducted by internal audit staff can reduce external audit costs. |
| | D) | The independent auditor can serve as part of the entitys control environment and continuous monitoring. |
|
|
|
8 | | Which of the following is a proper reason for not conducting tests of controls? |
| | A) | The internal control structure appears very strong. |
| | B) | The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk. |
| | C) | The company does not have any flowcharts of its system available for review. |
| | D) | The auditor prefers the control risk to be the minimum. |
|
|
|
9 | | After obtaining an understanding of an entitys internal control system, an auditor may set control risk at high for some assertions because he or she |
| | A) | Believes the internal controls are unlikely to be effective. |
| | B) | Determines that the pertinent internal control components are not well documented. |
| | C) | Performs tests of controls to restrict detection risk to an acceptable level. |
| | D) | Identifies internal controls that are likely to prevent material misstatements. |
|
|
|
10 | | Regardless of the assessed level of control risk, an auditor would perform some |
| | A) | Tests of controls to determine the effectiveness of internal controls. |
| | B) | Analytical procedures to verify the design of internal controls. |
| | C) | Substantive procedures to restrict detection risk for material transaction classes. |
| | D) | Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk. |
|
|
|
11 | | With preliminary control risk assessments set at high, auditors are likely to: |
| | A) | Use a reliance strategy. |
| | B) | Complete little or no tests of controls. |
| | C) | Complete interim testing of account balances. |
| | D) | Test controls extensively. |
|
|
|
12 | | Which of the following represents the correct sequence of audit steps that come after first obtaining an understanding and documenting the entitys internal control? |
| | A) | Test of controls, assess control risk, determine extent of substantive tests, reassess control risk. |
| | B) | Assess control risk, test of controls, determine extent of substantive testing, reassess control risk. |
| | C) | Assess control risk, determine extent of substantive testing, test of controls, reassess control risk. |
| | D) | Assess control risk, test of controls, reassess control risk, determine extent of substantive testing. |
|
|
|
13 | | A reliance strategy is chosen when the auditor: |
| | A) | Plans on conducting tests of controls. |
| | B) | Has set the control risk at a high level. |
| | C) | Has set the control risk at a lower level. |
| | D) | Both A) and C). |
|
|
|
14 | | Understanding each of the components of internal control provides knowledge about: |
| | A) | The design of tests of controls. |
| | B) | The assessment of inherent risks. |
| | C) | Factors that affect the risk of material misstatement. |
| | D) | Both A) and C). |
|
|
|
15 | | The effectiveness of internal control is reduced by: |
| | A) | Computerized accounting records. |
| | B) | Flowcharts. |
| | C) | Human errors or mistakes. |
| | D) | Both A) and C). |
|
|
|
16 | | Which of the following statements regarding auditor documentation of the entitys internal control is correct? |
| | A) | Documentation must include narrative memorandums. |
| | B) | No documentation is necessary to satisfy auditing standards, however, oral inquiry is required at minimum. |
| | C) | Internal control questionnaires are specifically tailored to meet the needs of each individual entity. |
| | D) | The auditors assessment of the level of control risk can be documented using a structured working paper, an internal control questionnaire or a memorandum. |
|
|
|
17 | | In order to be able to set control risk at a lower level, the auditor must do all of the following except: |
| | A) | Identify all general IT controls. |
| | B) | Identify specific controls that will be relied upon. |
| | C) | Perform tests of controls. |
| | D) | Conclude on the achieved level of control risk. |
|
|
|
18 | | Assessing control risk below high involves all of the following except |
| | A) | Identifying specific controls to rely on. |
| | B) | Concluding that controls are ineffective. |
| | C) | Performing tests of controls. |
| | D) | Analysing the achieved level of control risk after performing tests of controls. |
|
|
|
19 | | Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the operation of a control? |
| | A) | Inquiry of entity personnel. |
| | B) | Reperformance of the control by the auditor. |
| | C) | Observation of entity personnel. |
| | D) | Walk-through. |
|
|
|
20 | | The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by |
| | A) | Inspection of documents prepared by a third party but which contain the initials of those applying entity controls. |
| | B) | Observation by the auditor of the employees performing control activities. |
| | C) | Inspection of a flowchart of duties performed and available personnel. |
| | D) | Inquiries of employees who apply control activities. |
|
|
|
21 | | An auditor may need to obtain a service auditors report when an entity receives accounting services such as payroll from a service organization. Which of the following statements is true regarding this service audit report? |
| | A) | It should include an opinion. |
| | B) | It provides the client auditor with a guarantee regarding whether the entitys control procedures have been placed in operation. |
| | C) | The client auditor need not inquire about the service auditors professional reputation. |
| | D) | The client auditor should perform the procedures at the service organization to verify the information in the report. |
|
|
|
22 | | Type 2 reports by the service organizations auditor typically |
| | A) | Provide reasonable assurance that their financial statements are free of material misstatements. |
| | B) | Ensure that the entity will not have any misstatements in areas related to the service organizations activities. |
| | C) | Ensure that the entity is billed correctly. |
| | D) | Assess whether the service organizations controls are suitably designed and operating effectively. |
|
|
|
23 | | Significant deficiencies in internal control are matters that come to an auditors attention that should be communicated to those charged with governance because they represent |
| | A) | Disclosures of information that significantly contradict the auditors going concern assumption. |
| | B) | Material fraud perpetrated by high-level management. |
| | C) | Significant deficiencies in the design or operation of the internal control. |
| | D) | Manipulation or falsification of accounting records or documents from which financial statements are prepared. |
|
|
|
24 | | A primary advantage of using generalized audit software packages to audit the financial statements of an entity that uses an IT system is that the auditor may |
| | A) | Consider increasing the use of substantive tests of transactions in place of analytical procedures. |
| | B) | Substantiate the accuracy of data through self-checking digits and hash totals. |
| | C) | Reduce the level of required tests of controls to a relatively small amount. |
| | D) | Access information stored on computer fi les while having a limited understanding of the entitys hardware and software features. |
|
|
|
25 | | Which of the following is not considered a general control? |
| | A) | Back up and disaster recovery controls. |
| | B) | Password protection on the central server. |
| | C) | Reconciliation of payroll record count with the number of active employees. |
| | D) | Requiring change authorization forms on all program software. |
|
|
|
26 | | An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus? |
| | A) | Data capture controls. |
| | B) | Application controls. |
| | C) | Output controls. |
| | D) | General controls. |
|
|
|
27 | | An auditors flowchart of an entitys accounting system is a diagrammatic representation that depicts the auditors |
| | A) | Program for tests of controls. |
| | B) | Understanding of the system. |
| | C) | Understanding of the types of fraud that are probable, given the present system. |
| | D) | Documentation of the study and evaluation of the system. |
|
|